flutter-architecture

Security checks across malware telemetry and agentic risk

Overview

This skill is a Flutter architecture guide that may create project folders when explicitly used for scaffolding, with no evidence of hidden code, credentials, network access, or persistence.

Install only if you want Flutter architecture guidance and folder scaffolding. Before using the scaffold feature, confirm the target project and ask the agent to show the planned directory tree if the repository already has an established layout.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill activates on very broad phrases such as creating directory structures, scaffolding, or building architecture, which are common developer requests and lack clear guardrails. This can cause the agent to trigger unexpectedly and take filesystem-modifying actions in unrelated contexts, increasing the chance of unintended repository changes.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs direct creation of directories under lib/ and business modules without requiring prior confirmation, dry-run output, or warning that repository structure will be modified. In an agent setting, this can lead to unreviewed bulk filesystem changes, accidental overwrites, or architectural changes that the user did not intend to apply immediately.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal